function replace_user_action()
{
global $lang, $config;
require_once $config['basepath'] . '/include/login.inc.php';
$login = new login();
switch ($_GET['action']) {
case 'index':
$_GET['PageID'] = 1;
require_once $config['basepath'] . '/include/page_display.inc.php';
$search = new page_display();
$data = $search->display();
break;
case 'member_login':
$data = $login->display_login('Member');
break;
case 'search_step_2':
require_once $config['basepath'] . '/include/search.inc.php';
$search = new search_page();
$data = $search->create_searchpage();
break;
case 'searchpage':
require_once $config['basepath'] . '/include/search.inc.php';
$search = new search_page();
$data = $search->create_search_page_logic();
break;
case 'searchresults':
require_once $config['basepath'] . '/include/search.inc.php';
$search = new search_page();
$data = $search->search_results();
break;
case 'listingview':
require_once $config['basepath'] . '/include/listing.inc.php';
$listing = new listing_pages();
$data = $listing->listing_view();
break;
case 'addtofavorites':
require_once $config['basepath'] . '/include/members_favorites.inc.php';
$listing = new membersfavorites();
$data = $listing->addtofavorites();
break;
case 'view_favorites':
require_once $config['basepath'] . '/include/members_favorites.inc.php';
$listing = new membersfavorites();
$data = $listing->view_favorites();
break;
case 'view_saved_searches':
require_once $config['basepath'] . '/include/members_search.inc.php';
$listing = new memberssearch();
$data = $listing->view_saved_searches();
break;
case 'save_search':
require_once $config['basepath'] . '/include/members_search.inc.php';
$listing = new memberssearch();
$data = $listing->save_search();
break;
case 'delete_search':
require_once $config['basepath'] . '/include/members_search.inc.php';
$listing = new memberssearch();
$data = $listing->delete_search();
break;
case 'delete_favorites':
require_once $config['basepath'] . '/include/members_favorites.inc.php';
$listing = new membersfavorites();
$data = $listing->delete_favorites();
break;
case 'page_display':
require_once $config['basepath'] . '/include/page_display.inc.php';
$search = new page_display();
$data = $search->display();
break;
case 'calculator':
require_once $config['basepath'] . '/include/calculators.inc.php';
$calc = new calculators();
$data = $calc->start_calc();
break;
case 'view_listing_image':
require_once $config['basepath'] . '/include/images.inc.php';
$image = new image_handler();
$data = $image->view_image('listing');
break;
case 'view_user_image':
require_once $config['basepath'] . '/include/images.inc.php';
$image = new image_handler();
$data = $image->view_image('userimage');
break;
case 'rss_featured_listings':
require_once $config['basepath'] . '/include/rss.inc.php';
$rss = new rss();
$data = $rss->rss_view('featured');
break;
case 'rss_lastmodified_listings':
require_once $config['basepath'] . '/include/rss.inc.php';
$rss = new rss();
$data = $rss->rss_view('lastmodified');
break;
case 'view_user':
require_once $config['basepath'] . '/include/user.inc.php';
$user = new user();
$data = $user->view_user();
break;
case 'view_users':
require_once $config['basepath'] . '/include/user.inc.php';
$user = new user();
$data = $user->view_users();
break;
case 'edit_profile':
require_once $config['basepath'] . '/include/user_manager.inc.php';
if (!isset($_GET['user_id'])) {
$_GET['user_id'] = 0;
}
$user_managment = new user_managment();
$data = $user_managment->edit_member_profile($_GET['user_id']);
break;
case 'signup':
if (isset($_GET['type'])) {
require_once $config['basepath'] . '/include/user_manager.inc.php';
$listing = new user_managment();
$data = $listing->user_signup($_GET['type']);
}
break;
case 'show_vtour':
if (isset($_GET['listingID'])) {
require_once $config['basepath'] . '/include/vtour.inc.php';
$vtour = new vtours();
$data = $vtour->show_vtour($_GET['listingID']);
} else {
$data = 'No Listing ID';
}
break;
case 'contact_friend':
require_once $config['basepath'] . '/include/contact.inc.php';
$contact = new contact();
if (isset($_GET['listing_id'])) {
$data = $contact->ContactFriendForm($_GET['listing_id']);
}
break;
case 'contact_agent':
require_once $config['basepath'] . '/include/contact.inc.php';
$contact = new contact();
if (isset($_GET['listing_id']) && isset($_GET['agent_id'])) {
$data = $contact->ContactAgentForm($_GET['listing_id'], $_GET['agent_id']);
} elseif (isset($_GET['listing_id'])) {
$data = $contact->ContactAgentForm($_GET['listing_id'], 0);
} elseif (isset($_GET['agent_id'])) {
$data = $contact->ContactAgentForm(0, $_GET['agent_id']);
} else {
$data = '';
}
break;
case 'create_vcard':
require_once $config['basepath'] . '/include/user.inc.php';
$user = new user();
if (isset($_GET['user'])) {
$data = $user->create_vcard($_GET['user']);
}
break;
case 'create_download':
require_once $config['basepath'] . '/include/files.inc.php';
$files = new file_handler();
if (isset($_GET['ID']) && isset($_GET['file_id']) && isset($_GET['type'])) {
$data = $files->create_download($_GET['ID'], $_GET['file_id'], $_GET['type']);
} elseif (isset($_POST['ID']) && isset($_POST['file_id']) && isset($_POST['type'])) {
$data = $files->create_download($_POST['ID'], $_POST['file_id'], $_POST['type']);
}
break;
case 'blog_index':
require_once $config['basepath'] . '/include/blog_display.inc.php';
$blog = new blog_display();
$data = $blog->disply_blog_index();
break;
case 'blog_view_article':
require_once $config['basepath'] . '/include/blog_display.inc.php';
$blog = new blog_display();
$data = $blog->display();
break;
case 'verify_email':
require_once $config['basepath'] . '/include/user_manager.inc.php';
$user_manager = new user_managment();
$data = $user_manager->verify_email();
break;
default:
$addon_name = array();
if (preg_match("/^addon_(.\\S*?)_.*/", $_GET['action'], $addon_name)) {
$file = $config['basepath'] . '/addons/' . $addon_name[1] . '/addon.inc.php';
if (file_exists($file)) {
include_once $file;
$function_name = $addon_name[1] . '_run_action_user_template';
$data = $function_name();
} else {
$data = $lang['addon_doesnt_exist'];
}
} else {
$data = '';
}
break;
}
// End switch ($_GET['action'])
return $data;
}
function loginCheck($priv_level_needed, $internal = false)
{
global $conn, $config, $lang;
// Load misc Class
$display = '';
$checked = login::check_login();
if (!$checked and !isset($_POST['user_name'])) {
if ($internal !== true) {
return login::display_login($priv_level_needed);
} else {
return false;
}
} elseif (isset($_POST['user_name'])) {
if (!$_POST['user_name'] || !$_POST['user_pass']) {
if ($internal !== true) {
$display .= $lang['required_field_not_filled'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
}
/* Spruce up username, check length */
$_POST['user_name'] = trim($_POST['user_name']);
if (strlen($_POST['user_name']) > 30) {
if ($internal !== true) {
$display .= $lang['username_excessive_length'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
}
/* Checks that username is in database and password is correct */
$md5pass = md5($_POST['user_pass']);
$result = login::confirm_user($_POST['user_name'], $md5pass);
/* Check error codes */
if ($result == 1) {
if ($internal !== true) {
$display .= $lang['nonexistent_username'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
} else {
if ($result == 2) {
if ($internal !== true) {
$display .= $lang['incorrect_password'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
} else {
if ($result == 3) {
if ($internal !== true) {
$display .= $lang['inactive_user'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
}
}
}
}
if (isset($_POST['user_name']) || $checked) {
/* Username and password correct, register session variables */
if (isset($_POST['user_name'])) {
$_POST['user_name'] = stripslashes($_POST['user_name']);
$_SESSION['username'] = $_POST['user_name'];
$_SESSION['userpassword'] = $md5pass;
}
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
$username = $misc->make_db_safe($_SESSION['username']);
$sql = 'SELECT * FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_user_name= ' . $username;
$recordSet = $conn->Execute($sql);
$_SESSION['userID'] = $recordSet->fields['userdb_id'];
$_SESSION['admin_privs'] = $recordSet->fields['userdb_is_admin'];
$_SESSION['active'] = $recordSet->fields['userdb_active'];
$_SESSION['isAgent'] = $recordSet->fields['userdb_is_agent'];
$_SESSION['featureListings'] = $recordSet->fields['userdb_can_feature_listings'];
$_SESSION['viewLogs'] = $recordSet->fields['userdb_can_view_logs'];
$_SESSION['moderator'] = $recordSet->fields['userdb_can_moderate'];
$_SESSION['editpages'] = $recordSet->fields['userdb_can_edit_pages'];
$_SESSION['havevtours'] = $recordSet->fields['userdb_can_have_vtours'];
$_SESSION['havefiles'] = $recordSet->fields['userdb_can_have_files'];
$_SESSION['is_member'] = 'yes';
// Removed in 2.1
// $_SESSION['editForms'] = $recordSet->fields['userdb_can_edit_forms'];
// New Permissions with OR 2.1
$_SESSION['edit_site_config'] = $recordSet->fields['userdb_can_edit_site_config'];
$_SESSION['edit_member_template'] = $recordSet->fields['userdb_can_edit_member_template'];
$_SESSION['edit_agent_template'] = $recordSet->fields['userdb_can_edit_agent_template'];
$_SESSION['edit_listing_template'] = $recordSet->fields['userdb_can_edit_listing_template'];
$_SESSION['export_listings'] = $recordSet->fields['userdb_can_export_listings'];
$_SESSION['edit_all_listings'] = $recordSet->fields['userdb_can_edit_all_listings'];
$_SESSION['edit_all_users'] = $recordSet->fields['userdb_can_edit_all_users'];
$_SESSION['edit_property_classes'] = $recordSet->fields['userdb_can_edit_property_classes'];
$_SESSION['edit_expiration'] = $recordSet->fields['userdb_can_edit_expiration'];
$_SESSION['blog_user_type'] = $recordSet->fields['userdb_blog_user_type'];
$_SESSION['can_manage_addons'] = $recordSet->fields['userdb_can_manage_addons'];
/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his md5 encrypted password. We set them both to
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
if (isset($_POST['remember'])) {
setcookie('cookname', $_SESSION['username'], time() + 60 * 60 * 24 * 100, '/');
setcookie('cookpass', $_SESSION['userpassword'], time() + 60 * 60 * 24 * 100, '/');
}
if (!login::verify_priv($priv_level_needed)) {
if ($internal !== true) {
$display .= $lang['access_denied'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
} else {
return true;
}
}
}
